Vulnerabilities > Theforeman > Foreman > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-08 | CVE-2013-0187 | Permissions, Privileges, and Access Controls vulnerability in Theforeman Foreman Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. | 6.5 |
| 2014-05-08 | CVE-2013-0174 | Information Exposure vulnerability in Theforeman Foreman The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. | 5.0 |
| 2014-05-08 | CVE-2013-0173 | Cryptographic Issues vulnerability in Theforeman Foreman Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. | 5.0 |